Saturday, December 14, 2024
HomeCVE/vulnerabilitySpectre NG - 8 New Serious Spectre Level Security Vulnerabilities Found in...

Spectre NG – 8 New Serious Spectre Level Security Vulnerabilities Found in Intel Processors

Published on

SIEM as a Service

Security Researchers discovered 8 new Spectre level critical Vulnerabilities in Intel CPU’s which is named as “Spectre Next Generation (Spectre-NG)” and each has their own CVE & Patches.

Previously discovered highly critical vulnerabilities Spectre and Meltdown have been made a huge impact in IT sectors.

Spectre and Meltdown flaw allow an attacker to steal the data that currently processed on the computer it includes the process of personal photos, Emails, Password manager, instant messages and sensitive documents.

- Advertisement - SIEM as a Service

Recent discovered “Spectre Next Generation or Spectre-NG”  vulnerabilities have their own names and this flaw have been affected some of the ARM CPUs as well.

Group of security researchers has been reported all these vulnerabilities to Intel and Intel is already working on its own patches for Spectre-NG.

Also, Intel Planned to work with other operating system manufacturers and planning to release the patch in two waves. first one will be May 2018 and the second one will be August 2018.

Google Zero-day elite hackers have been reported one of the 8 vulnerabilities and they have 90-day deadline policy to fix the vulnerability so it was unclear about going public when the deadline ends.

According to Intel, 4 Vulnerabilities are classified as the severity of “high risk” and other 4 vulnerabilities are “Medium risk” in this Out of 8 Spectre-NG Vulnerabilities.

These high-risk vulnerabilities attack scenario similar to the Spectre vulnerability and one of the 8 vulnerability has estimated the potential risk is higher than old Spectre vulnerability.

According to Researchers, Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server.

Also, Spectre-NG vulnerability exploitation is quite easier for the attackers across system boundaries.

Researchers warned that this Spectre-NG flaw danger for private individuals and corporate PCs and they should be taken seriously and the upcoming Spectre-NG updates should be installed quickly after their release.

A Spectre-NG vulnerability has been clearly double and triple check the consequences of the flaw and researchers denied to publish technical details as long as there is still a chance that manufacturers will get their security updates ready before the details of the flaws become public.

In this case, Microsoft already started working for patches and PC manufacturers are taking too long to provide BIOS updates. Microsoft already announced up to $250,000 in a bug bounty program for Spectre flaws .

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Nigerian National Extradited to Nebraska for Wire Fraud Charges

United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria...

Dell Security Update, Patch for Multiple Critical Vulnerabilities

Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose...

CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities...

FBI Seizes Rydox Marketplace, Arrests Key Administrators

The Federal Bureau of Investigation (FBI) announced the seizure of Rydox, an illicit online...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Dell Security Update, Patch for Multiple Critical Vulnerabilities

Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose...

GitLab Security Update, Patch for Critical Vulnerabilities

GitLab announced the release of critical security patches for its Community Edition (CE) and...

Splunk RCE Vulnerability Let Attackers Execute Remote Code

Splunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution...